
CS0-002 Premium Exam Questions

Page: 19 / 27
Question 76

A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst most likely executing?

Options:

A. Requirements analysis and collection planning

B. Containment and eradication

C. Recovery and post-incident review

D. Indicator enrichment and research pivoting

Question 77

Which of the following activities is designed to handle a control failure that leads to a breach?

Options:

A. Risk assessment

B. Incident management

C. Root cause analysis

D. Vulnerability management

Question 78

A systems administrator believes a user's workstation has been compromised. The workstation's performance has been lagging significantly for the past several hours. The administrator runs the tasklist /v command and receives the following output:

Which of the following should a security analyst recognize as an indicator of compromise?

Options:

A. dwm.exe being executed under the user context

B. The high usage of vscode.exe *32

C. The abnormal behavior of paint.exe

D. svchost.exe being executed as SYSTEM

Question 79

During an incident response procedure, a security analyst extracted a binary file from the disk of a compromised server. Which of the following is the best approach for analyzing the file without executing it?

Options:

A. Memory analysis

B. Hash signature check

C. Reverse engineering

D. Dynamic analysis

Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Dec 22, 2024
Questions: 372